CVE-2019-11070

WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video HLS, DASH, or Smooth Streaming, an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded...

Security update for obs-service-tar_scm (important)

openSUSE Security Update: Security update for obs-service-tarscm Announcement ID: openSUSE-SU-2019:0329-1 Rating: important References: 1076410 1082696 1105361 1107507 1107944 Cross-References: CVE-2018-12473 CVE-2018-12474 CVE-2018-12476 Affected Products: openSUSE Backports SLE-15 An update tha...

Security update for obs-service-tar_scm (important)

openSUSE Security Update: Security update for obs-service-tarscm Announcement ID: openSUSE-SU-2019:0326-1 Rating: important References: 1076410 1082696 1105361 1107507 1107944 Cross-References: CVE-2018-12473 CVE-2018-12474 CVE-2018-12476 Affected Products: openSUSE Leap 15.0 An update that solve...

Insufficient Error Handling in http-proxy

Affected versions of http-proxy are vulnerable to a denial of service attack, wherein an attacker can force an error which will cause the server to crash. Recommendation Update to version 0.7.0 or later...

GHSA-9XW9-PVGV-6P76 Insufficient Error Handling in http-proxy

Affected versions of http-proxy are vulnerable to a denial of service attack, wherein an attacker can force an error which will cause the server to crash. Recommendation Update to version 0.7.0 or later...

Wavemaker Studio 6.6 - Server-Side Request Forgery Vulnerability

Exploit for java platform in category web applications Exploit Title: Wavemaker Studio 6.6 - Server-Side Request Forgery SSRF. Exploit Author: Gionathan "John" Reale Vendor Homepage: http://www.wavemaker.com/ Software Link:...

Wavemaker Studio 6.6 - Server-Side Request Forgery

Wavemaker Studio 6.6 - Server-Side Request Forgery Exploit Title: Wavemaker Studio 6.6 - Server-Side Request Forgery SSRF. Exploit Author: Gionathan "John" Reale Google Dork: N/A Date: 2018-08-01 Vendor Homepage: http://www.wavemaker.com/ Software Link:...

Wavemaker Studio 6.6 - Server-Side Request Forgery

Exploit Title: Wavemaker Studio 6.6 - Server-Side Request Forgery SSRF. Exploit Author: Gionathan "John" Reale Google Dork: N/A Date: 2018-08-01 Vendor Homepage: http://www.wavemaker.com/ Software Link: https://github.com/cloudjee/wavemaker/blob/master/wavemaker/wavemaker-studio/ Affected Version...

Security Bulletin: A vulnerability in cURL libcURL affects IBM Tivoli Composite Application Manager for Transactions (CVE-2014-8150)

Summary There is a vulnerability in cURL libcURL that is used by IBM Tivoli Composite Application Manager for Transactions. This was disclosed on January 8, 2015 by the cURL libcURL Project. Vulnerability Details CVE-ID: CVE-2014-8150 DESCRIPTION: libcURL is vulnerable to CRLF injection, caused b...

CVE-2017-16014

Http-proxy is a proxying library. Because of the way errors are handled in versions before 0.7.0, an attacker that forces an error can crash the server, causing a denial of service...

Unspecified vulnerability in Http-proxy

Http-proxy is a full-featured HTTP proxy for Node.js. A security vulnerability exists in Http-proxy versions prior to 0.7.0. An attacker can exploit this vulnerability to cause a denial of service server crash...

Unspecified vulnerability in proxy.js

proxy.js is an HTTP proxy. A security vulnerability exists in proxy.js. An attacker can exploit this vulnerability to steal environment variables...

CVE-2018-3739

https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the 'auth' parameter e.g. JSON...

Denial of service

Http-proxy is a proxying library. Because of the way errors are handled in versions before 0.7.0, an attacker that forces an error can crash the server, causing a denial of service...

CVE-2017-16014

Http-proxy is a proxying library. Because of the way errors are handled in versions before 0.7.0, an attacker that forces an error can crash the server, causing a denial of service...

CVE-2017-16014

Http-proxy is a proxying library. Because of the way errors are handled in versions before 0.7.0, an attacker that forces an error can crash the server, causing a denial of service...

CVE-2017-16014

CVE-2017-16014 affects the http-proxy library (Node.js). Older versions pre-0.7.0 mishandled errors, allowing an attacker who forces an error to crash the server, causing a denial of service. Public advisories (GitHub GHSA-9XW9-PVGV-6P76; OSV/Red Hat/Debian entries) confirm the vulnerability in a...

CVE-2017-16014

Http-proxy is a proxying library. Because of the way errors are handled in versions before 0.7.0, an attacker that forces an error can crash the server, causing a denial of service...

Tracking tens of thousands of kids worldwide

tl;dr Gator Watch - a GPS watch for kids - is leaking data in all ends and anyone on the Internet can live track your kid. We're not talking about a security vulnerability, we're talking about non-existing security. Summary Who: Gator Watch Severity level: Critical Reported: August 2017 Reception...

Denial of Service

Overview Versions of http-proxy-agent before 2.1.0 are vulnerable to denial of service and uninitialized memory leak when unsanitized options are passed to Buffer. Recommendation Update to version 2.1.0 or later. References -...